
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 6/17/2020

GitHub to replace “master” with alternative term to avoid slavery references

GitHub is working on replacing the term “master” on its service with a neutral term like “main” to avoid any unnecessary references to slavery, its CEO said on Friday. The code-hosting portal is just the latest in a long line of tech companies and open source projects that have expressed support for removing terms that may be offensive to developers in the black community. This includes dropping terms like “master” and “slave” for alternatives like “main/default/primary” and “secondary;” but also terms like “blacklist” and “whitelist” for “allow list” and “deny/exclude list.” The concern is that continued use of these racially-loaded terms could prolong racial stereotypes.

 

‘Woefully lax’: report slams CIA cybersecurity after hacking tool leak

Many of the Central Intelligence Agency’s most sensitive hacking tools were so poorly secured that it was only when WikiLeaks published them online in 2017 that the agency realized they had been compromised, according to a report released Tuesday. The secret-spilling site drew international attention when it dumped a vast trove of malicious CIA code on the internet in March 2017. The digital tools, sometimes described as “cyber weapons,” provided a granular look at how the CIA conducts its international hacking operations. It also deeply embarrassed the U.S. intelligence community, which has repeatedly been hit by large-scale leaks over the past decade.

 

Self-cleaning mask can kill viruses with heat from phone charger, researchers say

Israeli researchers say they have invented a reusable face mask that can kill the coronavirus with heat by drawing power from a mobile phone charger. The disinfecting process takes about 30 minutes – and users should not wear the mask while it is plugged in, said Professor Yair Ein-Eli, who led the research team at Technion University in Haifa. The new mask has a USB port that connects to a power source such as a standard cellphone charger that heats an inner layer of carbon fibers to up to 70 degrees Celsius (158 degrees Fahrenheit), high enough to kill viruses.

 

Tens of millions of Internet-of-Things, network-connected gizmos at risk of remote hijacking

A bunch of flaws in a commonly used TCP/IP software stack have put potentially tens of millions of Internet-of-Things devices, healthcare equipment, industrial control systems, and other network-connected gear at risk of remote attack, it is claimed. The vulnerabilities are dubbed Ripple20 – because hey, what’s a bug reveal without a marketing push these days? – and were found and reported by infosec outfit JSOF. The team’s disclosure this week of the security holes lightly details 19 CVE-listed bugs in a TCP/IP stack developed by US outfit Treck for embedded systems.

 

ESET rushes to defend rival Malwarebytes in legal war sparked by vendor upset at ‘unwanted program’ labeling

Last week, fourteen cybersecurity experts, infosec biz ESET, and tech advocacy groups the Internet Association and TechFreedom filed friend-of-the-court briefs urging the US Supreme Court to review a 2019 appeals court ruling against antivirus maker Malwarebytes. The flurry of legal arguments represents an effort to ensure blanket immunity protections outlined in Section 230 of America’s Communications Decency Act (CDA) – which Malwarebytes is relying on – remain as broad as possible. The security experts’ brief [PDF] notes that competing anti-threat software can itself be a genuine threat if it contains bugs (e.g. Symantec’s Norton Antivirus in 2016) or if it’s actually malware claiming to be legitimate.

 

US regulators will share automated vehicle test data with the public

The National Highway Traffic Safety Administration (NHTSA) has launched a new initiative that will give you access to more information on automotive vehicle tests conducted by various companies. It’s a voluntary effort called Automated Vehicle Transparency and Engagement for Safe Testing Initiative, which aims to increase transparency in the industry. The program will also enable Federal, State, and local government “to coordinate and share information in a standard way.” According to Reuters, the hope is to boost public awareness about self-driving technologies, since most people are still skeptical about automated vehicles. Deputy NHTSA Administrator James Owens told the organization in an interview that being more transparent “encourages everybody to up their game to help better ensure that the testing is done in a manner fully consistent with safety.”
